Biometrics Overview

Applies To: Windows Server 2008 R2

For enhanced convenience, Windows 7 enables administrators and users to use fingerprint biometric devices to log on to computers, grant elevation privileges through User Account Control (UAC), and perform basic management of the fingerprint devices. Administrators can manage fingerprint biometric devices in Group Policy by enabling, limiting, or blocking their use.

What is biometrics?

A growing number of computers, particularly portable computers, include embedded fingerprint readers. Fingerprint readers can be used for identification and authentication of users in Windows. Until now, there has been no standard support for biometric devices or for biometric-enabled applications in Windows. Computer manufacturers had to provide software to support biometric devices in their products. This made it more difficult for users to use the devices and administrators to manage the use of biometric devices.

Windows 7 includes the Windows Biometric Framework that exposes fingerprint readers and other biometric devices to higher-level applications in a uniform way, and offers a consistent user experience for discovering and starting fingerprint applications. It does this by providing the following:

A Biometric Devices Control Panel item that allows users to control the availability of biometric devices and whether they can be used to log on to a local computer or domain.

Device Manager support for managing drivers for biometric devices.

Credential provider support to enable and configure the use of biometric data to log on to a local computer and perform UAC elevation.

Group Policy settings to enable, disable, or limit the use of biometric data for a local computer or domain. Group Policy settings can also prevent installation of biometric device driver software or force the biometric device driver software to be uninstalled.

Biometric device driver software available from Windows Update.

Who will want to use biometric devices?

Fingerprint biometric devices offer a convenient way for users to log on to computers and grant elevation through UAC.

What are the benefits of the new biometric features?

The new biometric features provide a consistent way to implement fingerprint biometric–enabled applications and manage fingerprint biometric devices on stand-alone computers or on a network. The Windows Biometric Framework makes biometric devices easier for users and for administrators to configure and control on a local computer or in a domain.

What's the impact of these changes on biometrics?

The introduction of the Windows Biometric Framework allows the integration of fingerprint biometric devices in Windows. It offers a consistent user experience for logging on to Windows and performing UAC elevation. In addition, it provides a common set of discovery and integration points that offers a more consistent user experience across devices and applications. The Windows Biometric Framework also includes management functions that allow administrators to control the deployment of biometric fingerprint devices in the enterprise.